mdaniels5757 / waca

includes/Helpers/IrcNotificationHelper.php

Indentation +449 added lines, -449 removed lines

@@ -26,455 +26,455 @@
  */
 class IrcNotificationHelper
 {
-    /** @var PdoDatabase $notificationsDatabase */
-    private $notificationsDatabase;
-    /** @var PdoDatabase $primaryDatabase */
-    private $primaryDatabase;
-    /** @var bool $notificationsEnabled */
-    private $notificationsEnabled;
-    /** @var int $notificationType */
-    private $notificationType;
-    /** @var User $currentUser */
-    private $currentUser;
-    /** @var string $instanceName */
-    private $instanceName;
-    /** @var string */
-    private $baseUrl;
-    /** @var array */
-    private $requestStates;
-
-    /**
-     * IrcNotificationHelper constructor.
-     *
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $primaryDatabase
-     * @param PdoDatabase       $notificationsDatabase
-     */
-    public function __construct(
-        SiteConfiguration $siteConfiguration,
-        PdoDatabase $primaryDatabase,
-        PdoDatabase $notificationsDatabase = null
-    ) {
-        $this->primaryDatabase = $primaryDatabase;
-
-        if ($this->notificationsDatabase !== null) {
-            $this->notificationsDatabase = $notificationsDatabase;
-            $this->notificationsEnabled = $siteConfiguration->getIrcNotificationsEnabled();
-        }
-        else {
-            $this->notificationsEnabled = false;
-        }
-
-        $this->notificationType = $siteConfiguration->getIrcNotificationType();
-        $this->instanceName = $siteConfiguration->getIrcNotificationsInstance();
-        $this->baseUrl = $siteConfiguration->getBaseUrl();
-        $this->requestStates = $siteConfiguration->getRequestStates();
-
-        $this->currentUser = User::getCurrent($primaryDatabase);
-    }
-
-    /**
-     * Send a notification
-     *
-     * @param string $message The text to send
-     */
-    protected function send($message)
-    {
-        $instanceName = $this->instanceName;
-
-        if (!$this->notificationsEnabled) {
-            return;
-        }
-
-        $blacklist = array("DCC", "CCTP", "PRIVMSG");
-        $message = str_replace($blacklist, "(IRC Blacklist)", $message); // Lets stop DCC etc
-
-        $msg = IrcColourCode::RESET . IrcColourCode::BOLD . "[$instanceName]" . IrcColourCode::RESET . ": $message";
-
-        try {
-            $notification = new Notification();
-            $notification->setDatabase($this->notificationsDatabase);
-            $notification->setType($this->notificationType);
-            $notification->setText($msg);
-
-            $notification->save();
-        }
-        catch (Exception $ex) {
-            // OK, so we failed to send the notification - that db might be down?
-            // This is non-critical, so silently fail.
-
-            // Disable notifications for remainder of request.
-            $this->notificationsEnabled = false;
-        }
-    }
-
-    #region user management
-
-    /**
-     * send a new user notification
-     *
-     * @param User $user
-     */
-    public function userNew(User $user)
-    {
-        $this->send("New user: {$user->getUsername()}");
-    }
-
-    /**
-     * send an approved notification
-     *
-     * @param User $user
-     */
-    public function userApproved(User $user)
-    {
-        $this->send("{$user->getUsername()} approved by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * send a promoted notification
-     *
-     * @param User $user
-     */
-    public function userPromoted(User $user)
-    {
-        $this->send("{$user->getUsername()} promoted to tool admin by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * send a declined notification
-     *
-     * @param User   $user
-     * @param string $reason the reason the user was declined
-     */
-    public function userDeclined(User $user, $reason)
-    {
-        $this->send("{$user->getUsername()} declined by " . $this->currentUser->getUsername() . " ($reason)");
-    }
-
-    /**
-     * send a demotion notification
-     *
-     * @param User   $user
-     * @param string $reason the reason the user was demoted
-     */
-    public function userDemoted(User $user, $reason)
-    {
-        $this->send("{$user->getUsername()} demoted by " . $this->currentUser->getUsername() . " ($reason)");
-    }
-
-    /**
-     * send a suspended notification
-     *
-     * @param User   $user
-     * @param string $reason The reason the user has been suspended
-     */
-    public function userSuspended(User $user, $reason)
-    {
-        $this->send("{$user->getUsername()} suspended by " . $this->currentUser->getUsername() . " ($reason)");
-    }
-
-    /**
-     * Send a preference change notification
-     *
-     * @param User $user
-     */
-    public function userPrefChange(User $user)
-    {
-        $this->send("{$user->getUsername()}'s preferences were changed by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * Send a user renamed notification
-     *
-     * @param User   $user
-     * @param string $old
-     */
-    public function userRenamed(User $user, $old)
-    {
-        $this->send($this->currentUser->getUsername() . " renamed $old to {$user->getUsername()}");
-    }
-
-    /**
-     * @param User   $user
-     * @param string $reason
-     */
-    public function userRolesEdited(User $user, $reason)
-    {
-        $currentUser = $this->currentUser->getUsername();
-        $this->send("Active roles for {$user->getUsername()} changed by " . $currentUser . " ($reason)");
-    }
-
-    #endregion
-
-    #region Site Notice
-
-    /**
-     * Summary of siteNoticeEdited
-     */
-    public function siteNoticeEdited()
-    {
-        $this->send("Site notice edited by " . $this->currentUser->getUsername());
-    }
-    #endregion
-
-    #region Welcome Templates
-    /**
-     * Summary of welcomeTemplateCreated
-     *
-     * @param WelcomeTemplate $template
-     */
-    public function welcomeTemplateCreated(WelcomeTemplate $template)
-    {
-        $this->send("Welcome template {$template->getId()} created by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * Summary of welcomeTemplateDeleted
-     *
-     * @param int $templateid
-     */
-    public function welcomeTemplateDeleted($templateid)
-    {
-        $this->send("Welcome template {$templateid} deleted by " . $this->currentUser->getUsername());
-    }
-
-    /**
-     * Summary of welcomeTemplateEdited
-     *
-     * @param WelcomeTemplate $template
-     */
-    public function welcomeTemplateEdited(WelcomeTemplate $template)
-    {
-        $this->send("Welcome template {$template->getId()} edited by " . $this->currentUser->getUsername());
-    }
-
-    #endregion
-
-    #region bans
-    /**
-     * Summary of banned
-     *
-     * @param Ban $ban
-     */
-    public function banned(Ban $ban)
-    {
-        if ($ban->getDuration() == -1) {
-            $duration = "indefinitely";
-        }
-        else {
-            $duration = "until " . date("F j, Y, g:i a", $ban->getDuration());
-        }
-
-        $username = $this->currentUser->getUsername();
-
-        $this->send("{$ban->getTarget()} banned by {$username} for '{$ban->getReason()}' {$duration}");
-    }
-
-    /**
-     * Summary of unbanned
-     *
-     * @param Ban    $ban
-     * @param string $unbanreason
-     */
-    public function unbanned(Ban $ban, $unbanreason)
-    {
-        $this->send($ban->getTarget() . " unbanned by " . $this->currentUser
-                ->getUsername() . " (" . $unbanreason . ")");
-    }
-
-    #endregion
-
-    #region request management
-
-    /**
-     * Summary of requestReceived
-     *
-     * @param Request $request
-     */
-    public function requestReceived(Request $request)
-    {
-        $this->send(
-            IrcColourCode::DARK_GREY . "[["
-            . IrcColourCode::DARK_GREEN . "acc:"
-            . IrcColourCode::ORANGE . $request->getId()
-            . IrcColourCode::DARK_GREY . "]]"
-            . IrcColourCode::RED . " N "
-            . IrcColourCode::DARK_BLUE . $this->baseUrl . "/internal.php/viewRequest?id={$request->getId()} "
-            . IrcColourCode::DARK_RED . "* "
-            . IrcColourCode::DARK_GREEN . $request->getName()
-            . IrcColourCode::DARK_RED . " * "
-            . IrcColourCode::RESET
-        );
-    }
-
-    /**
-     * Summary of requestDeferred
-     *
-     * @param Request $request
-     */
-    public function requestDeferred(Request $request)
-    {
-        $availableRequestStates = $this->requestStates;
-
-        $deferTo = $availableRequestStates[$request->getStatus()]['deferto'];
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Request {$request->getId()} ({$request->getName()}) deferred to {$deferTo} by {$username}");
-    }
-
-    /**
-     *
-     * Summary of requestDeferredWithMail
-     *
-     * @param Request $request
-     */
-    public function requestDeferredWithMail(Request $request)
-    {
-        $availableRequestStates = $this->requestStates;
-
-        $deferTo = $availableRequestStates[$request->getStatus()]['deferto'];
-        $username = $this->currentUser->getUsername();
-        $id = $request->getId();
-        $name = $request->getName();
-
-        $this->send("Request {$id} ({$name}) deferred to {$deferTo} with an email by {$username}");
-    }
-
-    /**
-     * Summary of requestClosed
-     *
-     * @param Request $request
-     * @param string  $closetype
-     */
-    public function requestClosed(Request $request, $closetype)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Request {$request->getId()} ({$request->getName()}) closed ($closetype) by {$username}");
-    }
-
-    /**
-     * Summary of sentMail
-     *
-     * @param Request $request
-     */
-    public function sentMail(Request $request)
-    {
-        $this->send($this->currentUser->getUsername()
-            . " sent an email related to Request {$request->getId()} ({$request->getName()})");
-    }
-
-    #endregion
-
-    #region reservations
-
-    /**
-     * Summary of requestReserved
-     *
-     * @param Request $request
-     */
-    public function requestReserved(Request $request)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Request {$request->getId()} ({$request->getName()}) reserved by {$username}");
-    }
-
-    /**
-     * Summary of requestReserveBroken
-     *
-     * @param Request $request
-     */
-    public function requestReserveBroken(Request $request)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send("Reservation on request {$request->getId()} ({$request->getName()}) broken by {$username}");
-    }
-
-    /**
-     * Summary of requestUnreserved
-     *
-     * @param Request $request
-     */
-    public function requestUnreserved(Request $request)
-    {
-        $this->send("Request {$request->getId()} ({$request->getName()}) is no longer being handled.");
-    }
-
-    /**
-     * Summary of requestReservationSent
-     *
-     * @param Request $request
-     * @param User    $target
-     */
-    public function requestReservationSent(Request $request, User $target)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send(
-            "Reservation of request {$request->getId()} ({$request->getName()}) sent to {$target->getUsername()} by "
-            . $username);
-    }
-
-    #endregion
-
-    #region comments
-
-    /**
-     * Summary of commentCreated
-     *
-     * @param Comment $comment
-     * @param Request $request
-     */
-    public function commentCreated(Comment $comment, Request $request)
-    {
-        $username = $this->currentUser->getUsername();
-        $visibility = ($comment->getVisibility() == "admin" ? "private " : "");
-
-        $this->send("{$username} posted a {$visibility}comment on request {$request->getId()} ({$request->getName()})");
-    }
-
-    /**
-     * Summary of commentEdited
-     *
-     * @param Comment $comment
-     * @param Request $request
-     */
-    public function commentEdited(Comment $comment, Request $request)
-    {
-        $username = $this->currentUser->getUsername();
-
-        $this->send(<<<TAG
+	/** @var PdoDatabase $notificationsDatabase */
+	private $notificationsDatabase;
+	/** @var PdoDatabase $primaryDatabase */
+	private $primaryDatabase;
+	/** @var bool $notificationsEnabled */
+	private $notificationsEnabled;
+	/** @var int $notificationType */
+	private $notificationType;
+	/** @var User $currentUser */
+	private $currentUser;
+	/** @var string $instanceName */
+	private $instanceName;
+	/** @var string */
+	private $baseUrl;
+	/** @var array */
+	private $requestStates;
+
+	/**
+	 * IrcNotificationHelper constructor.
+	 *
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $primaryDatabase
+	 * @param PdoDatabase       $notificationsDatabase
+	 */
+	public function __construct(
+		SiteConfiguration $siteConfiguration,
+		PdoDatabase $primaryDatabase,
+		PdoDatabase $notificationsDatabase = null
+	) {
+		$this->primaryDatabase = $primaryDatabase;
+
+		if ($this->notificationsDatabase !== null) {
+			$this->notificationsDatabase = $notificationsDatabase;
+			$this->notificationsEnabled = $siteConfiguration->getIrcNotificationsEnabled();
+		}
+		else {
+			$this->notificationsEnabled = false;
+		}
+
+		$this->notificationType = $siteConfiguration->getIrcNotificationType();
+		$this->instanceName = $siteConfiguration->getIrcNotificationsInstance();
+		$this->baseUrl = $siteConfiguration->getBaseUrl();
+		$this->requestStates = $siteConfiguration->getRequestStates();
+
+		$this->currentUser = User::getCurrent($primaryDatabase);
+	}
+
+	/**
+	 * Send a notification
+	 *
+	 * @param string $message The text to send
+	 */
+	protected function send($message)
+	{
+		$instanceName = $this->instanceName;
+
+		if (!$this->notificationsEnabled) {
+			return;
+		}
+
+		$blacklist = array("DCC", "CCTP", "PRIVMSG");
+		$message = str_replace($blacklist, "(IRC Blacklist)", $message); // Lets stop DCC etc
+
+		$msg = IrcColourCode::RESET . IrcColourCode::BOLD . "[$instanceName]" . IrcColourCode::RESET . ": $message";
+
+		try {
+			$notification = new Notification();
+			$notification->setDatabase($this->notificationsDatabase);
+			$notification->setType($this->notificationType);
+			$notification->setText($msg);
+
+			$notification->save();
+		}
+		catch (Exception $ex) {
+			// OK, so we failed to send the notification - that db might be down?
+			// This is non-critical, so silently fail.
+
+			// Disable notifications for remainder of request.
+			$this->notificationsEnabled = false;
+		}
+	}
+
+	#region user management
+
+	/**
+	 * send a new user notification
+	 *
+	 * @param User $user
+	 */
+	public function userNew(User $user)
+	{
+		$this->send("New user: {$user->getUsername()}");
+	}
+
+	/**
+	 * send an approved notification
+	 *
+	 * @param User $user
+	 */
+	public function userApproved(User $user)
+	{
+		$this->send("{$user->getUsername()} approved by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * send a promoted notification
+	 *
+	 * @param User $user
+	 */
+	public function userPromoted(User $user)
+	{
+		$this->send("{$user->getUsername()} promoted to tool admin by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * send a declined notification
+	 *
+	 * @param User   $user
+	 * @param string $reason the reason the user was declined
+	 */
+	public function userDeclined(User $user, $reason)
+	{
+		$this->send("{$user->getUsername()} declined by " . $this->currentUser->getUsername() . " ($reason)");
+	}
+
+	/**
+	 * send a demotion notification
+	 *
+	 * @param User   $user
+	 * @param string $reason the reason the user was demoted
+	 */
+	public function userDemoted(User $user, $reason)
+	{
+		$this->send("{$user->getUsername()} demoted by " . $this->currentUser->getUsername() . " ($reason)");
+	}
+
+	/**
+	 * send a suspended notification
+	 *
+	 * @param User   $user
+	 * @param string $reason The reason the user has been suspended
+	 */
+	public function userSuspended(User $user, $reason)
+	{
+		$this->send("{$user->getUsername()} suspended by " . $this->currentUser->getUsername() . " ($reason)");
+	}
+
+	/**
+	 * Send a preference change notification
+	 *
+	 * @param User $user
+	 */
+	public function userPrefChange(User $user)
+	{
+		$this->send("{$user->getUsername()}'s preferences were changed by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * Send a user renamed notification
+	 *
+	 * @param User   $user
+	 * @param string $old
+	 */
+	public function userRenamed(User $user, $old)
+	{
+		$this->send($this->currentUser->getUsername() . " renamed $old to {$user->getUsername()}");
+	}
+
+	/**
+	 * @param User   $user
+	 * @param string $reason
+	 */
+	public function userRolesEdited(User $user, $reason)
+	{
+		$currentUser = $this->currentUser->getUsername();
+		$this->send("Active roles for {$user->getUsername()} changed by " . $currentUser . " ($reason)");
+	}
+
+	#endregion
+
+	#region Site Notice
+
+	/**
+	 * Summary of siteNoticeEdited
+	 */
+	public function siteNoticeEdited()
+	{
+		$this->send("Site notice edited by " . $this->currentUser->getUsername());
+	}
+	#endregion
+
+	#region Welcome Templates
+	/**
+	 * Summary of welcomeTemplateCreated
+	 *
+	 * @param WelcomeTemplate $template
+	 */
+	public function welcomeTemplateCreated(WelcomeTemplate $template)
+	{
+		$this->send("Welcome template {$template->getId()} created by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * Summary of welcomeTemplateDeleted
+	 *
+	 * @param int $templateid
+	 */
+	public function welcomeTemplateDeleted($templateid)
+	{
+		$this->send("Welcome template {$templateid} deleted by " . $this->currentUser->getUsername());
+	}
+
+	/**
+	 * Summary of welcomeTemplateEdited
+	 *
+	 * @param WelcomeTemplate $template
+	 */
+	public function welcomeTemplateEdited(WelcomeTemplate $template)
+	{
+		$this->send("Welcome template {$template->getId()} edited by " . $this->currentUser->getUsername());
+	}
+
+	#endregion
+
+	#region bans
+	/**
+	 * Summary of banned
+	 *
+	 * @param Ban $ban
+	 */
+	public function banned(Ban $ban)
+	{
+		if ($ban->getDuration() == -1) {
+			$duration = "indefinitely";
+		}
+		else {
+			$duration = "until " . date("F j, Y, g:i a", $ban->getDuration());
+		}
+
+		$username = $this->currentUser->getUsername();
+
+		$this->send("{$ban->getTarget()} banned by {$username} for '{$ban->getReason()}' {$duration}");
+	}
+
+	/**
+	 * Summary of unbanned
+	 *
+	 * @param Ban    $ban
+	 * @param string $unbanreason
+	 */
+	public function unbanned(Ban $ban, $unbanreason)
+	{
+		$this->send($ban->getTarget() . " unbanned by " . $this->currentUser
+				->getUsername() . " (" . $unbanreason . ")");
+	}
+
+	#endregion
+
+	#region request management
+
+	/**
+	 * Summary of requestReceived
+	 *
+	 * @param Request $request
+	 */
+	public function requestReceived(Request $request)
+	{
+		$this->send(
+			IrcColourCode::DARK_GREY . "[["
+			. IrcColourCode::DARK_GREEN . "acc:"
+			. IrcColourCode::ORANGE . $request->getId()
+			. IrcColourCode::DARK_GREY . "]]"
+			. IrcColourCode::RED . " N "
+			. IrcColourCode::DARK_BLUE . $this->baseUrl . "/internal.php/viewRequest?id={$request->getId()} "
+			. IrcColourCode::DARK_RED . "* "
+			. IrcColourCode::DARK_GREEN . $request->getName()
+			. IrcColourCode::DARK_RED . " * "
+			. IrcColourCode::RESET
+		);
+	}
+
+	/**
+	 * Summary of requestDeferred
+	 *
+	 * @param Request $request
+	 */
+	public function requestDeferred(Request $request)
+	{
+		$availableRequestStates = $this->requestStates;
+
+		$deferTo = $availableRequestStates[$request->getStatus()]['deferto'];
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Request {$request->getId()} ({$request->getName()}) deferred to {$deferTo} by {$username}");
+	}
+
+	/**
+	 *
+	 * Summary of requestDeferredWithMail
+	 *
+	 * @param Request $request
+	 */
+	public function requestDeferredWithMail(Request $request)
+	{
+		$availableRequestStates = $this->requestStates;
+
+		$deferTo = $availableRequestStates[$request->getStatus()]['deferto'];
+		$username = $this->currentUser->getUsername();
+		$id = $request->getId();
+		$name = $request->getName();
+
+		$this->send("Request {$id} ({$name}) deferred to {$deferTo} with an email by {$username}");
+	}
+
+	/**
+	 * Summary of requestClosed
+	 *
+	 * @param Request $request
+	 * @param string  $closetype
+	 */
+	public function requestClosed(Request $request, $closetype)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Request {$request->getId()} ({$request->getName()}) closed ($closetype) by {$username}");
+	}
+
+	/**
+	 * Summary of sentMail
+	 *
+	 * @param Request $request
+	 */
+	public function sentMail(Request $request)
+	{
+		$this->send($this->currentUser->getUsername()
+			. " sent an email related to Request {$request->getId()} ({$request->getName()})");
+	}
+
+	#endregion
+
+	#region reservations
+
+	/**
+	 * Summary of requestReserved
+	 *
+	 * @param Request $request
+	 */
+	public function requestReserved(Request $request)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Request {$request->getId()} ({$request->getName()}) reserved by {$username}");
+	}
+
+	/**
+	 * Summary of requestReserveBroken
+	 *
+	 * @param Request $request
+	 */
+	public function requestReserveBroken(Request $request)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send("Reservation on request {$request->getId()} ({$request->getName()}) broken by {$username}");
+	}
+
+	/**
+	 * Summary of requestUnreserved
+	 *
+	 * @param Request $request
+	 */
+	public function requestUnreserved(Request $request)
+	{
+		$this->send("Request {$request->getId()} ({$request->getName()}) is no longer being handled.");
+	}
+
+	/**
+	 * Summary of requestReservationSent
+	 *
+	 * @param Request $request
+	 * @param User    $target
+	 */
+	public function requestReservationSent(Request $request, User $target)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send(
+			"Reservation of request {$request->getId()} ({$request->getName()}) sent to {$target->getUsername()} by "
+			. $username);
+	}
+
+	#endregion
+
+	#region comments
+
+	/**
+	 * Summary of commentCreated
+	 *
+	 * @param Comment $comment
+	 * @param Request $request
+	 */
+	public function commentCreated(Comment $comment, Request $request)
+	{
+		$username = $this->currentUser->getUsername();
+		$visibility = ($comment->getVisibility() == "admin" ? "private " : "");
+
+		$this->send("{$username} posted a {$visibility}comment on request {$request->getId()} ({$request->getName()})");
+	}
+
+	/**
+	 * Summary of commentEdited
+	 *
+	 * @param Comment $comment
+	 * @param Request $request
+	 */
+	public function commentEdited(Comment $comment, Request $request)
+	{
+		$username = $this->currentUser->getUsername();
+
+		$this->send(<<<TAG
 Comment {$comment->getId()} on request {$request->getId()} ({$request->getName()}) edited by {$username}
 TAG
-        );
-    }
-
-    #endregion
-
-    #region email management (close reasons)
-
-    /**
-     * Summary of emailCreated
-     *
-     * @param EmailTemplate $template
-     */
-    public function emailCreated(EmailTemplate $template)
-    {
-        $username = $this->currentUser->getUsername();
-        $this->send("Email {$template->getId()} ({$template->getName()}) created by " . $username);
-    }
-
-    /**
-     * Summary of emailEdited
-     *
-     * @param EmailTemplate $template
-     */
-    public function emailEdited(EmailTemplate $template)
-    {
-        $username = $this->currentUser->getUsername();
-        $this->send("Email {$template->getId()} ({$template->getName()}) edited by " . $username);
-    }
-    #endregion
+		);
+	}
+
+	#endregion
+
+	#region email management (close reasons)
+
+	/**
+	 * Summary of emailCreated
+	 *
+	 * @param EmailTemplate $template
+	 */
+	public function emailCreated(EmailTemplate $template)
+	{
+		$username = $this->currentUser->getUsername();
+		$this->send("Email {$template->getId()} ({$template->getName()}) created by " . $username);
+	}
+
+	/**
+	 * Summary of emailEdited
+	 *
+	 * @param EmailTemplate $template
+	 */
+	public function emailEdited(EmailTemplate $template)
+	{
+		$username = $this->currentUser->getUsername();
+		$this->send("Email {$template->getId()} ({$template->getName()}) edited by " . $username);
+	}
+	#endregion
 }

Braces +2 added lines, -4 removed lines

@@ -60,8 +60,7 @@ 
         if ($this->notificationsDatabase !== null) {
             $this->notificationsDatabase = $notificationsDatabase;
             $this->notificationsEnabled = $siteConfiguration->getIrcNotificationsEnabled();
-        }
-        else {
+        } else {
             $this->notificationsEnabled = false;
         }
 
@@ -260,8 +259,7 @@ 
     {
         if ($ban->getDuration() == -1) {
             $duration = "indefinitely";
-        }
-        else {
+        } else {
             $duration = "until " . date("F j, Y, g:i a", $ban->getDuration());
         }
 

includes/Helpers/HttpHelper.php

Indentation +99 added lines, -99 removed lines

@@ -12,103 +12,103 @@
 
 class HttpHelper
 {
-    private $curlHandle;
-
-    /**
-     * HttpHelper constructor.
-     *
-     * @param string  $userAgent
-     * @param boolean $disableVerifyPeer
-     */
-    public function __construct($userAgent, $disableVerifyPeer)
-    {
-        $this->curlHandle = curl_init();
-
-        curl_setopt($this->curlHandle, CURLOPT_RETURNTRANSFER, true);
-        curl_setopt($this->curlHandle, CURLOPT_USERAGENT, $userAgent);
-        curl_setopt($this->curlHandle, CURLOPT_FAILONERROR, true);
-
-        if ($disableVerifyPeer) {
-            curl_setopt($this->curlHandle, CURLOPT_SSL_VERIFYPEER, false);
-        }
-    }
-
-    public function __destruct()
-    {
-        curl_close($this->curlHandle);
-    }
-
-    /**
-     * Fetches the content of a URL, with an optional parameter set.
-     *
-     * @param string     $url        The URL to fetch.
-     * @param null|array $parameters Key/value pair of GET parameters to add to the request.
-     *                               Null lets you handle it yourself.
-     *
-     * @param array      $headers
-     *
-     * @return string
-     * @throws CurlException
-     */
-    public function get($url, $parameters = null, $headers = array())
-    {
-        if ($parameters !== null && is_array($parameters)) {
-            $getString = '?' . http_build_query($parameters);
-            $url .= $getString;
-        }
-
-        curl_setopt($this->curlHandle, CURLOPT_URL, $url);
-
-        // Make sure we're doing a GET
-        curl_setopt($this->curlHandle, CURLOPT_POST, false);
-
-        curl_setopt($this->curlHandle, CURLOPT_HTTPHEADER, $headers);
-
-        $result = curl_exec($this->curlHandle);
-
-        if ($result === false) {
-            $error = curl_error($this->curlHandle);
-            throw new CurlException('Remote request failed with error ' . $error);
-        }
-
-        return $result;
-    }
-
-    /**
-     * Posts data to a URL
-     *
-     * @param string $url        The URL to fetch.
-     * @param array  $parameters Key/value pair of POST parameters to add to the request.
-     * @param array  $headers
-     *
-     * @return string
-     * @throws CurlException
-     */
-    public function post($url, $parameters, $headers = array())
-    {
-        curl_setopt($this->curlHandle, CURLOPT_URL, $url);
-
-        // Make sure we're doing a POST
-        curl_setopt($this->curlHandle, CURLOPT_POST, true);
-        curl_setopt($this->curlHandle, CURLOPT_POSTFIELDS, http_build_query($parameters));
-
-        curl_setopt($this->curlHandle, CURLOPT_HTTPHEADER, $headers);
-
-        $result = curl_exec($this->curlHandle);
-
-        if ($result === false) {
-            $error = curl_error($this->curlHandle);
-            throw new CurlException('Remote request failed with error ' . $error);
-        }
-
-        return $result;
-    }
-
-    /**
-     * @return string
-     */
-    public function getError()
-    {
-        return curl_error($this->curlHandle);
-    }
+	private $curlHandle;
+
+	/**
+	 * HttpHelper constructor.
+	 *
+	 * @param string  $userAgent
+	 * @param boolean $disableVerifyPeer
+	 */
+	public function __construct($userAgent, $disableVerifyPeer)
+	{
+		$this->curlHandle = curl_init();
+
+		curl_setopt($this->curlHandle, CURLOPT_RETURNTRANSFER, true);
+		curl_setopt($this->curlHandle, CURLOPT_USERAGENT, $userAgent);
+		curl_setopt($this->curlHandle, CURLOPT_FAILONERROR, true);
+
+		if ($disableVerifyPeer) {
+			curl_setopt($this->curlHandle, CURLOPT_SSL_VERIFYPEER, false);
+		}
+	}
+
+	public function __destruct()
+	{
+		curl_close($this->curlHandle);
+	}
+
+	/**
+	 * Fetches the content of a URL, with an optional parameter set.
+	 *
+	 * @param string     $url        The URL to fetch.
+	 * @param null|array $parameters Key/value pair of GET parameters to add to the request.
+	 *                               Null lets you handle it yourself.
+	 *
+	 * @param array      $headers
+	 *
+	 * @return string
+	 * @throws CurlException
+	 */
+	public function get($url, $parameters = null, $headers = array())
+	{
+		if ($parameters !== null && is_array($parameters)) {
+			$getString = '?' . http_build_query($parameters);
+			$url .= $getString;
+		}
+
+		curl_setopt($this->curlHandle, CURLOPT_URL, $url);
+
+		// Make sure we're doing a GET
+		curl_setopt($this->curlHandle, CURLOPT_POST, false);
+
+		curl_setopt($this->curlHandle, CURLOPT_HTTPHEADER, $headers);
+
+		$result = curl_exec($this->curlHandle);
+
+		if ($result === false) {
+			$error = curl_error($this->curlHandle);
+			throw new CurlException('Remote request failed with error ' . $error);
+		}
+
+		return $result;
+	}
+
+	/**
+	 * Posts data to a URL
+	 *
+	 * @param string $url        The URL to fetch.
+	 * @param array  $parameters Key/value pair of POST parameters to add to the request.
+	 * @param array  $headers
+	 *
+	 * @return string
+	 * @throws CurlException
+	 */
+	public function post($url, $parameters, $headers = array())
+	{
+		curl_setopt($this->curlHandle, CURLOPT_URL, $url);
+
+		// Make sure we're doing a POST
+		curl_setopt($this->curlHandle, CURLOPT_POST, true);
+		curl_setopt($this->curlHandle, CURLOPT_POSTFIELDS, http_build_query($parameters));
+
+		curl_setopt($this->curlHandle, CURLOPT_HTTPHEADER, $headers);
+
+		$result = curl_exec($this->curlHandle);
+
+		if ($result === false) {
+			$error = curl_error($this->curlHandle);
+			throw new CurlException('Remote request failed with error ' . $error);
+		}
+
+		return $result;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getError()
+	{
+		return curl_error($this->curlHandle);
+	}
 }
\ No newline at end of file

includes/Environment.php

Indentation +15 added lines, -15 removed lines

@@ -13,21 +13,21 @@
  */
 class Environment
 {
-    /**
-     * @var string Cached copy of the tool version
-     */
-    private static $toolVersion = null;
+	/**
+	 * @var string Cached copy of the tool version
+	 */
+	private static $toolVersion = null;
 
-    /**
-     * Gets the tool version, using cached data if available.
-     * @return string
-     */
-    public static function getToolVersion()
-    {
-        if (self::$toolVersion === null) {
-            self::$toolVersion = exec("git describe --always --dirty");
-        }
+	/**
+	 * Gets the tool version, using cached data if available.
+	 * @return string
+	 */
+	public static function getToolVersion()
+	{
+		if (self::$toolVersion === null) {
+			self::$toolVersion = exec("git describe --always --dirty");
+		}
 
-        return self::$toolVersion;
-    }
+		return self::$toolVersion;
+	}
 }

includes/Security/SecurityManager.php

Indentation +196 added lines, -196 removed lines

@@ -14,200 +14,200 @@
 
 final class SecurityManager
 {
-    const ALLOWED = 1;
-    const ERROR_NOT_IDENTIFIED = 2;
-    const ERROR_DENIED = 3;
-    /** @var IdentificationVerifier */
-    private $identificationVerifier;
-    /**
-     * @var RoleConfiguration
-     */
-    private $roleConfiguration;
-
-    /**
-     * SecurityManager constructor.
-     *
-     * @param IdentificationVerifier $identificationVerifier
-     * @param RoleConfiguration      $roleConfiguration
-     */
-    public function __construct(
-        IdentificationVerifier $identificationVerifier,
-        RoleConfiguration $roleConfiguration
-    ) {
-        $this->identificationVerifier = $identificationVerifier;
-        $this->roleConfiguration = $roleConfiguration;
-    }
-
-    /**
-     * Tests if a user is allowed to perform an action.
-     *
-     * This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
-     * that a user should have access to something.
-     *
-     * @param string $page
-     * @param string $route
-     * @param User   $user
-     *
-     * @return int
-     *
-     * @category Security-Critical
-     */
-    public function allows($page, $route, User $user)
-    {
-        $this->getActiveRoles($user, $activeRoles, $inactiveRoles);
-
-        $availableRights = $this->flattenRoles($activeRoles);
-        $testResult = $this->findResult($availableRights, $page, $route);
-
-        if ($testResult !== null) {
-            // We got a firm result here, so just return it.
-            return $testResult;
-        }
-
-        // No firm result yet, so continue testing the inactive roles so we can give a better error.
-        $inactiveRights = $this->flattenRoles($inactiveRoles);
-        $testResult = $this->findResult($inactiveRights, $page, $route);
-
-        if ($testResult === self::ALLOWED) {
-            // The user is allowed to access this, but their role is inactive.
-            return self::ERROR_NOT_IDENTIFIED;
-        }
-
-        // Other options from the secondary test are denied and inconclusive, which at this point defaults to denied.
-        return self::ERROR_DENIED;
-    }
-
-    /**
-     * @param array  $pseudoRole The role (flattened) to check
-     * @param string $page       The page class to check
-     * @param string $route      The page route to check
-     *
-     * @return int|null
-     */
-    private function findResult($pseudoRole, $page, $route)
-    {
-        if (isset($pseudoRole[$page])) {
-            // check for deny on catch-all route
-            if (isset($pseudoRole[$page][RoleConfiguration::ALL])) {
-                if ($pseudoRole[$page][RoleConfiguration::ALL] === RoleConfiguration::ACCESS_DENY) {
-                    return self::ERROR_DENIED;
-                }
-            }
-
-            // check normal route
-            if (isset($pseudoRole[$page][$route])) {
-                if ($pseudoRole[$page][$route] === RoleConfiguration::ACCESS_DENY) {
-                    return self::ERROR_DENIED;
-                }
-
-                if ($pseudoRole[$page][$route] === RoleConfiguration::ACCESS_ALLOW) {
-                    return self::ALLOWED;
-                }
-            }
-
-            // check for allowed on catch-all route
-            if (isset($pseudoRole[$page][RoleConfiguration::ALL])) {
-                if ($pseudoRole[$page][RoleConfiguration::ALL] === RoleConfiguration::ACCESS_ALLOW) {
-                    return self::ALLOWED;
-                }
-            }
-        }
-
-        // return indeterminate result
-        return null;
-    }
-
-    /**
-     * Takes an array of roles and flattens the values to a single set.
-     *
-     * @param array $activeRoles
-     *
-     * @return array
-     */
-    private function flattenRoles($activeRoles)
-    {
-        $result = array();
-
-        $roleConfig = $this->roleConfiguration->getApplicableRoles($activeRoles);
-
-        // Iterate over every page in every role
-        foreach ($roleConfig as $role) {
-            foreach ($role as $page => $pageRights) {
-                // Create holder in result for this page
-                if (!isset($result[$page])) {
-                    $result[$page] = array();
-                }
-
-                foreach ($pageRights as $action => $permission) {
-                    // Deny takes precedence, so if it's set, don't change it.
-                    if (isset($result[$page][$action])) {
-                        if ($result[$page][$action] === RoleConfiguration::ACCESS_DENY) {
-                            continue;
-                        }
-                    }
-
-                    if ($permission === RoleConfiguration::ACCESS_DEFAULT) {
-                        // Configured to do precisely nothing.
-                        continue;
-                    }
-
-                    $result[$page][$action] = $permission;
-                }
-            }
-        }
-
-        return $result;
-    }
-
-    /**
-     * @param User  $user
-     * @param array $activeRoles
-     * @param array $inactiveRoles
-     */
-    public function getActiveRoles(User $user, &$activeRoles, &$inactiveRoles)
-    {
-        // Default to the community user here, because the main user is logged out
-        $identified = false;
-        $userRoles = array('public');
-
-        // if we're not the community user, get our real rights.
-        if (!$user->isCommunityUser()) {
-            // Check the user's status - only active users are allowed the effects of roles
-
-            $userRoles[] = 'loggedIn';
-
-            if ($user->isActive()) {
-                $ur = UserRole::getForUser($user->getId(), $user->getDatabase());
-
-                // NOTE: public is still in this array.
-                foreach ($ur as $r) {
-                    $userRoles[] = $r->getRole();
-                }
-
-                $identified = $user->isIdentified($this->identificationVerifier);
-            }
-        }
-
-        $activeRoles = array();
-        $inactiveRoles = array();
-
-        /** @var string $v */
-        foreach ($userRoles as $v) {
-            if ($this->roleConfiguration->roleNeedsIdentification($v)) {
-                if ($identified) {
-                    $activeRoles[] = $v;
-                }
-                else {
-                    $inactiveRoles[] = $v;
-                }
-            }
-            else {
-                $activeRoles[] = $v;
-            }
-        }
-    }
-
-    public function getRoleConfiguration(){
-        return $this->roleConfiguration;
-    }
+	const ALLOWED = 1;
+	const ERROR_NOT_IDENTIFIED = 2;
+	const ERROR_DENIED = 3;
+	/** @var IdentificationVerifier */
+	private $identificationVerifier;
+	/**
+	 * @var RoleConfiguration
+	 */
+	private $roleConfiguration;
+
+	/**
+	 * SecurityManager constructor.
+	 *
+	 * @param IdentificationVerifier $identificationVerifier
+	 * @param RoleConfiguration      $roleConfiguration
+	 */
+	public function __construct(
+		IdentificationVerifier $identificationVerifier,
+		RoleConfiguration $roleConfiguration
+	) {
+		$this->identificationVerifier = $identificationVerifier;
+		$this->roleConfiguration = $roleConfiguration;
+	}
+
+	/**
+	 * Tests if a user is allowed to perform an action.
+	 *
+	 * This method should form a hard, deterministic security barrier, and only return true if it is absolutely sure
+	 * that a user should have access to something.
+	 *
+	 * @param string $page
+	 * @param string $route
+	 * @param User   $user
+	 *
+	 * @return int
+	 *
+	 * @category Security-Critical
+	 */
+	public function allows($page, $route, User $user)
+	{
+		$this->getActiveRoles($user, $activeRoles, $inactiveRoles);
+
+		$availableRights = $this->flattenRoles($activeRoles);
+		$testResult = $this->findResult($availableRights, $page, $route);
+
+		if ($testResult !== null) {
+			// We got a firm result here, so just return it.
+			return $testResult;
+		}
+
+		// No firm result yet, so continue testing the inactive roles so we can give a better error.
+		$inactiveRights = $this->flattenRoles($inactiveRoles);
+		$testResult = $this->findResult($inactiveRights, $page, $route);
+
+		if ($testResult === self::ALLOWED) {
+			// The user is allowed to access this, but their role is inactive.
+			return self::ERROR_NOT_IDENTIFIED;
+		}
+
+		// Other options from the secondary test are denied and inconclusive, which at this point defaults to denied.
+		return self::ERROR_DENIED;
+	}
+
+	/**
+	 * @param array  $pseudoRole The role (flattened) to check
+	 * @param string $page       The page class to check
+	 * @param string $route      The page route to check
+	 *
+	 * @return int|null
+	 */
+	private function findResult($pseudoRole, $page, $route)
+	{
+		if (isset($pseudoRole[$page])) {
+			// check for deny on catch-all route
+			if (isset($pseudoRole[$page][RoleConfiguration::ALL])) {
+				if ($pseudoRole[$page][RoleConfiguration::ALL] === RoleConfiguration::ACCESS_DENY) {
+					return self::ERROR_DENIED;
+				}
+			}
+
+			// check normal route
+			if (isset($pseudoRole[$page][$route])) {
+				if ($pseudoRole[$page][$route] === RoleConfiguration::ACCESS_DENY) {
+					return self::ERROR_DENIED;
+				}
+
+				if ($pseudoRole[$page][$route] === RoleConfiguration::ACCESS_ALLOW) {
+					return self::ALLOWED;
+				}
+			}
+
+			// check for allowed on catch-all route
+			if (isset($pseudoRole[$page][RoleConfiguration::ALL])) {
+				if ($pseudoRole[$page][RoleConfiguration::ALL] === RoleConfiguration::ACCESS_ALLOW) {
+					return self::ALLOWED;
+				}
+			}
+		}
+
+		// return indeterminate result
+		return null;
+	}
+
+	/**
+	 * Takes an array of roles and flattens the values to a single set.
+	 *
+	 * @param array $activeRoles
+	 *
+	 * @return array
+	 */
+	private function flattenRoles($activeRoles)
+	{
+		$result = array();
+
+		$roleConfig = $this->roleConfiguration->getApplicableRoles($activeRoles);
+
+		// Iterate over every page in every role
+		foreach ($roleConfig as $role) {
+			foreach ($role as $page => $pageRights) {
+				// Create holder in result for this page
+				if (!isset($result[$page])) {
+					$result[$page] = array();
+				}
+
+				foreach ($pageRights as $action => $permission) {
+					// Deny takes precedence, so if it's set, don't change it.
+					if (isset($result[$page][$action])) {
+						if ($result[$page][$action] === RoleConfiguration::ACCESS_DENY) {
+							continue;
+						}
+					}
+
+					if ($permission === RoleConfiguration::ACCESS_DEFAULT) {
+						// Configured to do precisely nothing.
+						continue;
+					}
+
+					$result[$page][$action] = $permission;
+				}
+			}
+		}
+
+		return $result;
+	}
+
+	/**
+	 * @param User  $user
+	 * @param array $activeRoles
+	 * @param array $inactiveRoles
+	 */
+	public function getActiveRoles(User $user, &$activeRoles, &$inactiveRoles)
+	{
+		// Default to the community user here, because the main user is logged out
+		$identified = false;
+		$userRoles = array('public');
+
+		// if we're not the community user, get our real rights.
+		if (!$user->isCommunityUser()) {
+			// Check the user's status - only active users are allowed the effects of roles
+
+			$userRoles[] = 'loggedIn';
+
+			if ($user->isActive()) {
+				$ur = UserRole::getForUser($user->getId(), $user->getDatabase());
+
+				// NOTE: public is still in this array.
+				foreach ($ur as $r) {
+					$userRoles[] = $r->getRole();
+				}
+
+				$identified = $user->isIdentified($this->identificationVerifier);
+			}
+		}
+
+		$activeRoles = array();
+		$inactiveRoles = array();
+
+		/** @var string $v */
+		foreach ($userRoles as $v) {
+			if ($this->roleConfiguration->roleNeedsIdentification($v)) {
+				if ($identified) {
+					$activeRoles[] = $v;
+				}
+				else {
+					$inactiveRoles[] = $v;
+				}
+			}
+			else {
+				$activeRoles[] = $v;
+			}
+		}
+	}
+
+	public function getRoleConfiguration(){
+		return $this->roleConfiguration;
+	}
 }

Spacing +1 added lines, -1 removed lines

@@ -207,7 +207,7 @@
         }
     }
 
-    public function getRoleConfiguration(){
+    public function getRoleConfiguration() {
         return $this->roleConfiguration;
     }
 }

Braces +4 added lines, -5 removed lines

@@ -196,18 +196,17 @@
             if ($this->roleConfiguration->roleNeedsIdentification($v)) {
                 if ($identified) {
                     $activeRoles[] = $v;
-                }
-                else {
+                } else {
                     $inactiveRoles[] = $v;
                 }
-            }
-            else {
+            } else {
                 $activeRoles[] = $v;
             }
         }
     }
 
-    public function getRoleConfiguration(){
+    public function getRoleConfiguration()
+    {
         return $this->roleConfiguration;
     }
 }

includes/Security/RoleConfiguration.php

Indentation +307 added lines, -307 removed lines

@@ -41,338 +41,338 @@
 
 class RoleConfiguration
 {
-    const ACCESS_ALLOW = 1;
-    const ACCESS_DENY = -1;
-    const ACCESS_DEFAULT = 0;
-    const MAIN = 'main';
-    const ALL = '*';
-    /**
-     * A map of roles to rights
-     *
-     * For example:
-     *
-     * array(
-     *   'myrole' => array(
-     *       PageMyPage::class => array(
-     *           'edit' => self::ACCESS_ALLOW,
-     *           'create' => self::ACCESS_DENY,
-     *       )
-     *   )
-     * )
-     *
-     * Note that DENY takes precedence over everything else when roles are combined, followed by ALLOW, followed by
-     * DEFAULT. Thus, if you have the following ([A]llow, [D]eny, [-] (default)) grants in different roles, this should
-     * be the expected result:
-     *
-     * - (-,-,-) = - (default because nothing to explicitly say allowed or denied equates to a denial)
-     * - (A,-,-) = A
-     * - (D,-,-) = D
-     * - (A,D,-) = D (deny takes precedence over allow)
-     * - (A,A,A) = A (repetition has no effect)
-     *
-     * The public role is special, and is applied to all users automatically. Avoid using deny on this role.
-     *
-     * @var array
-     */
-    private $roleConfig = array(
-        'public'            => array(
-            /*
+	const ACCESS_ALLOW = 1;
+	const ACCESS_DENY = -1;
+	const ACCESS_DEFAULT = 0;
+	const MAIN = 'main';
+	const ALL = '*';
+	/**
+	 * A map of roles to rights
+	 *
+	 * For example:
+	 *
+	 * array(
+	 *   'myrole' => array(
+	 *       PageMyPage::class => array(
+	 *           'edit' => self::ACCESS_ALLOW,
+	 *           'create' => self::ACCESS_DENY,
+	 *       )
+	 *   )
+	 * )
+	 *
+	 * Note that DENY takes precedence over everything else when roles are combined, followed by ALLOW, followed by
+	 * DEFAULT. Thus, if you have the following ([A]llow, [D]eny, [-] (default)) grants in different roles, this should
+	 * be the expected result:
+	 *
+	 * - (-,-,-) = - (default because nothing to explicitly say allowed or denied equates to a denial)
+	 * - (A,-,-) = A
+	 * - (D,-,-) = D
+	 * - (A,D,-) = D (deny takes precedence over allow)
+	 * - (A,A,A) = A (repetition has no effect)
+	 *
+	 * The public role is special, and is applied to all users automatically. Avoid using deny on this role.
+	 *
+	 * @var array
+	 */
+	private $roleConfig = array(
+		'public'            => array(
+			/*
              * THIS ROLE IS GRANTED TO ALL LOGGED *OUT* USERS IMPLICITLY.
              *
              * USERS IN THIS ROLE DO NOT HAVE TO BE IDENTIFIED TO GET THE RIGHTS CONFERRED HERE.
              * DO NOT ADD ANY SECURITY-SENSITIVE RIGHTS HERE.
              */
-            '_childRoles'    => array(
-                'publicStats',
-            ),
-            PageOAuth::class => array(
-                'callback' => self::ACCESS_ALLOW,
-            ),
-            PageTeam::class  => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'loggedIn'            => array(
-            /*
+			'_childRoles'    => array(
+				'publicStats',
+			),
+			PageOAuth::class => array(
+				'callback' => self::ACCESS_ALLOW,
+			),
+			PageTeam::class  => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'loggedIn'            => array(
+			/*
              * THIS ROLE IS GRANTED TO ALL LOGGED IN USERS IMPLICITLY.
              *
              * USERS IN THIS ROLE DO NOT HAVE TO BE IDENTIFIED TO GET THE RIGHTS CONFERRED HERE.
              * DO NOT ADD ANY SECURITY-SENSITIVE RIGHTS HERE.
              */
-            '_childRoles'    => array(
-                'public',
-            ),
-            PagePreferences::class               => array(
-                self::MAIN       => self::ACCESS_ALLOW,
-                'changePassword' => self::ACCESS_ALLOW,
-            ),
-            PageOAuth::class                     => array(
-                'attach' => self::ACCESS_ALLOW,
-                'detach' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'user'              => array(
-            '_description' => 'A standard tool user.',
-            '_editableBy' => array('admin', 'toolRoot'),
-            '_childRoles'                        => array(
-                'internalStats',
-            ),
-            PageMain::class                      => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageBan::class                       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageEditComment::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageEmailManagement::class           => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-            ),
-            PageExpandedRequestList::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageLog::class                       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageSearch::class                    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageWelcomeTemplateManagement::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'select'   => self::ACCESS_ALLOW,
-                'view'     => self::ACCESS_ALLOW,
-            ),
-            PageViewRequest::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            'RequestData'                        => array(
-                'seePrivateDataWhenReserved' => self::ACCESS_ALLOW,
-                'seePrivateDataWithHash'     => self::ACCESS_ALLOW,
-            ),
-            PageCustomClose::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageComment::class                   => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageCloseRequest::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageDeferRequest::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageDropRequest::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageReservation::class               => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageSendToUser::class                => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageBreakReservation::class          => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
+			'_childRoles'    => array(
+				'public',
+			),
+			PagePreferences::class               => array(
+				self::MAIN       => self::ACCESS_ALLOW,
+				'changePassword' => self::ACCESS_ALLOW,
+			),
+			PageOAuth::class                     => array(
+				'attach' => self::ACCESS_ALLOW,
+				'detach' => self::ACCESS_ALLOW,
+			),
+		),
+		'user'              => array(
+			'_description' => 'A standard tool user.',
+			'_editableBy' => array('admin', 'toolRoot'),
+			'_childRoles'                        => array(
+				'internalStats',
+			),
+			PageMain::class                      => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageBan::class                       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageEditComment::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageEmailManagement::class           => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+			),
+			PageExpandedRequestList::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageLog::class                       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageSearch::class                    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageWelcomeTemplateManagement::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'select'   => self::ACCESS_ALLOW,
+				'view'     => self::ACCESS_ALLOW,
+			),
+			PageViewRequest::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			'RequestData'                        => array(
+				'seePrivateDataWhenReserved' => self::ACCESS_ALLOW,
+				'seePrivateDataWithHash'     => self::ACCESS_ALLOW,
+			),
+			PageCustomClose::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageComment::class                   => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageCloseRequest::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageDeferRequest::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageDropRequest::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageReservation::class               => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageSendToUser::class                => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageBreakReservation::class          => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
 
-        ),
-        'admin'             => array(
-            '_description' => 'A tool administrator.',
-            '_editableBy' => array('admin', 'toolRoot'),
-            '_childRoles'                        => array(
-                'user', 'requestAdminTools',
-            ),
-            PageEmailManagement::class           => array(
-                'edit'   => self::ACCESS_ALLOW,
-                'create' => self::ACCESS_ALLOW,
-            ),
-            PageSiteNotice::class                => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            PageUserManagement::class            => array(
-                self::MAIN  => self::ACCESS_ALLOW,
-                'approve'   => self::ACCESS_ALLOW,
-                'decline'   => self::ACCESS_ALLOW,
-                'rename'    => self::ACCESS_ALLOW,
-                'editUser'  => self::ACCESS_ALLOW,
-                'suspend'   => self::ACCESS_ALLOW,
-                'editRoles' => self::ACCESS_ALLOW,
-            ),
-            PageWelcomeTemplateManagement::class => array(
-                'edit'   => self::ACCESS_ALLOW,
-                'delete' => self::ACCESS_ALLOW,
-                'add'    => self::ACCESS_ALLOW,
-            ),
-        ),
-        'checkuser'         => array(
-            '_description' => 'A user with CheckUser access',
-            '_editableBy' => array('checkuser', 'toolRoot'),
-            '_childRoles'             => array(
-                'user', 'requestAdminTools',
-            ),
-            PageUserManagement::class => array(
-                self::MAIN  => self::ACCESS_ALLOW,
-                'suspend'   => self::ACCESS_ALLOW,
-                'editRoles' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'             => array(
-                'seeUserAgentData' => self::ACCESS_ALLOW,
-            ),
-        ),
-        'toolRoot'         => array(
-            '_description' => 'A user with shell access to the servers running the tool',
-            '_editableBy' => array('toolRoot'),
-            '_childRoles'             => array(
-                'admin', 'checkuser',
-            ),
-        ),
+		),
+		'admin'             => array(
+			'_description' => 'A tool administrator.',
+			'_editableBy' => array('admin', 'toolRoot'),
+			'_childRoles'                        => array(
+				'user', 'requestAdminTools',
+			),
+			PageEmailManagement::class           => array(
+				'edit'   => self::ACCESS_ALLOW,
+				'create' => self::ACCESS_ALLOW,
+			),
+			PageSiteNotice::class                => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			PageUserManagement::class            => array(
+				self::MAIN  => self::ACCESS_ALLOW,
+				'approve'   => self::ACCESS_ALLOW,
+				'decline'   => self::ACCESS_ALLOW,
+				'rename'    => self::ACCESS_ALLOW,
+				'editUser'  => self::ACCESS_ALLOW,
+				'suspend'   => self::ACCESS_ALLOW,
+				'editRoles' => self::ACCESS_ALLOW,
+			),
+			PageWelcomeTemplateManagement::class => array(
+				'edit'   => self::ACCESS_ALLOW,
+				'delete' => self::ACCESS_ALLOW,
+				'add'    => self::ACCESS_ALLOW,
+			),
+		),
+		'checkuser'         => array(
+			'_description' => 'A user with CheckUser access',
+			'_editableBy' => array('checkuser', 'toolRoot'),
+			'_childRoles'             => array(
+				'user', 'requestAdminTools',
+			),
+			PageUserManagement::class => array(
+				self::MAIN  => self::ACCESS_ALLOW,
+				'suspend'   => self::ACCESS_ALLOW,
+				'editRoles' => self::ACCESS_ALLOW,
+			),
+			'RequestData'             => array(
+				'seeUserAgentData' => self::ACCESS_ALLOW,
+			),
+		),
+		'toolRoot'         => array(
+			'_description' => 'A user with shell access to the servers running the tool',
+			'_editableBy' => array('toolRoot'),
+			'_childRoles'             => array(
+				'admin', 'checkuser',
+			),
+		),
 
-        // Child roles go below this point
-        'publicStats'       => array(
-            '_hidden'               => true,
-            StatsUsers::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'detail'   => self::ACCESS_ALLOW,
-            ),
-            StatsTopCreators::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'internalStats'     => array(
-            '_hidden'                    => true,
-            StatsMain::class             => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsFastCloses::class       => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsInactiveUsers::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsMonthlyStats::class     => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsReservedRequests::class => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-            StatsTemplateStats::class    => array(
-                self::MAIN => self::ACCESS_ALLOW,
-            ),
-        ),
-        'requestAdminTools' => array(
-            '_hidden'                   => true,
-            PageBan::class              => array(
-                self::MAIN => self::ACCESS_ALLOW,
-                'set'      => self::ACCESS_ALLOW,
-                'remove'   => self::ACCESS_ALLOW,
-            ),
-            PageEditComment::class      => array(
-                'editOthers' => self::ACCESS_ALLOW,
-            ),
-            PageBreakReservation::class => array(
-                'force' => self::ACCESS_ALLOW,
-            ),
-            PageCustomClose::class      => array(
-                'skipCcMailingList' => self::ACCESS_ALLOW,
-            ),
-            'RequestData'               => array(
-                'reopenOldRequest'      => self::ACCESS_ALLOW,
-                'alwaysSeePrivateData'  => self::ACCESS_ALLOW,
-                'alwaysSeeHash'         => self::ACCESS_ALLOW,
-                'seeRestrictedComments' => self::ACCESS_ALLOW,
-            ),
-        ),
-    );
-    /** @var array
-     * List of roles which are *exempt* from the identification requirements
-     *
-     * Think twice about adding roles to this list.
-     *
-     * @category Security-Critical
-     */
-    private $identificationExempt = array('public', 'loggedIn');
+		// Child roles go below this point
+		'publicStats'       => array(
+			'_hidden'               => true,
+			StatsUsers::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'detail'   => self::ACCESS_ALLOW,
+			),
+			StatsTopCreators::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'internalStats'     => array(
+			'_hidden'                    => true,
+			StatsMain::class             => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsFastCloses::class       => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsInactiveUsers::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsMonthlyStats::class     => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsReservedRequests::class => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+			StatsTemplateStats::class    => array(
+				self::MAIN => self::ACCESS_ALLOW,
+			),
+		),
+		'requestAdminTools' => array(
+			'_hidden'                   => true,
+			PageBan::class              => array(
+				self::MAIN => self::ACCESS_ALLOW,
+				'set'      => self::ACCESS_ALLOW,
+				'remove'   => self::ACCESS_ALLOW,
+			),
+			PageEditComment::class      => array(
+				'editOthers' => self::ACCESS_ALLOW,
+			),
+			PageBreakReservation::class => array(
+				'force' => self::ACCESS_ALLOW,
+			),
+			PageCustomClose::class      => array(
+				'skipCcMailingList' => self::ACCESS_ALLOW,
+			),
+			'RequestData'               => array(
+				'reopenOldRequest'      => self::ACCESS_ALLOW,
+				'alwaysSeePrivateData'  => self::ACCESS_ALLOW,
+				'alwaysSeeHash'         => self::ACCESS_ALLOW,
+				'seeRestrictedComments' => self::ACCESS_ALLOW,
+			),
+		),
+	);
+	/** @var array
+	 * List of roles which are *exempt* from the identification requirements
+	 *
+	 * Think twice about adding roles to this list.
+	 *
+	 * @category Security-Critical
+	 */
+	private $identificationExempt = array('public', 'loggedIn');
 
-    /**
-     * RoleConfiguration constructor.
-     *
-     * @param array $roleConfig           Set to non-null to override the default configuration.
-     * @param array $identificationExempt Set to non-null to override the default configuration.
-     */
-    public function __construct(array $roleConfig = null, array $identificationExempt = null)
-    {
-        if ($roleConfig !== null) {
-            $this->roleConfig = $roleConfig;
-        }
+	/**
+	 * RoleConfiguration constructor.
+	 *
+	 * @param array $roleConfig           Set to non-null to override the default configuration.
+	 * @param array $identificationExempt Set to non-null to override the default configuration.
+	 */
+	public function __construct(array $roleConfig = null, array $identificationExempt = null)
+	{
+		if ($roleConfig !== null) {
+			$this->roleConfig = $roleConfig;
+		}
 
-        if ($identificationExempt !== null) {
-            $this->identificationExempt = $identificationExempt;
-        }
-    }
+		if ($identificationExempt !== null) {
+			$this->identificationExempt = $identificationExempt;
+		}
+	}
 
-    /**
-     * @param array $roles The roles to check
-     *
-     * @return array
-     */
-    public function getApplicableRoles(array $roles)
-    {
-        $available = array();
+	/**
+	 * @param array $roles The roles to check
+	 *
+	 * @return array
+	 */
+	public function getApplicableRoles(array $roles)
+	{
+		$available = array();
 
-        foreach ($roles as $role) {
-            if (!isset($this->roleConfig[$role])) {
-                // wat
-                continue;
-            }
+		foreach ($roles as $role) {
+			if (!isset($this->roleConfig[$role])) {
+				// wat
+				continue;
+			}
 
-            $available[$role] = $this->roleConfig[$role];
+			$available[$role] = $this->roleConfig[$role];
 
-            if (isset($available[$role]['_childRoles'])) {
-                $childRoles = self::getApplicableRoles($available[$role]['_childRoles']);
-                $available = array_merge($available, $childRoles);
+			if (isset($available[$role]['_childRoles'])) {
+				$childRoles = self::getApplicableRoles($available[$role]['_childRoles']);
+				$available = array_merge($available, $childRoles);
 
-                unset($available[$role]['_childRoles']);
-            }
+				unset($available[$role]['_childRoles']);
+			}
 
-            foreach (array('_hidden', '_editableBy', '_description') as $item) {
-                if (isset($available[$role][$item])) {
-                    unset($available[$role][$item]);
-                }
-            }
-        }
+			foreach (array('_hidden', '_editableBy', '_description') as $item) {
+				if (isset($available[$role][$item])) {
+					unset($available[$role][$item]);
+				}
+			}
+		}
 
-        return $available;
-    }
+		return $available;
+	}
 
-    public function getAvailableRoles()
-    {
-        $possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn'));
+	public function getAvailableRoles()
+	{
+		$possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn'));
 
-        $actual = array();
+		$actual = array();
 
-        foreach ($possible as $role) {
-            if (!isset($this->roleConfig[$role]['_hidden'])) {
-                $actual[$role] = array(
-                    'description' => $this->roleConfig[$role]['_description'],
-                    'editableBy'  => $this->roleConfig[$role]['_editableBy'],
-                );
-            }
-        }
+		foreach ($possible as $role) {
+			if (!isset($this->roleConfig[$role]['_hidden'])) {
+				$actual[$role] = array(
+					'description' => $this->roleConfig[$role]['_description'],
+					'editableBy'  => $this->roleConfig[$role]['_editableBy'],
+				);
+			}
+		}
 
-        return $actual;
-    }
+		return $actual;
+	}
 
-    /**
-     * @param string $role
-     *
-     * @return bool
-     */
-    public function roleNeedsIdentification($role)
-    {
-        if (in_array($role, $this->identificationExempt)) {
-            return false;
-        }
+	/**
+	 * @param string $role
+	 *
+	 * @return bool
+	 */
+	public function roleNeedsIdentification($role)
+	{
+		if (in_array($role, $this->identificationExempt)) {
+			return false;
+		}
 
-        return true;
-    }
+		return true;
+	}
 }

includes/Security/Token.php

Indentation +69 added lines, -69 removed lines

@@ -12,80 +12,80 @@
 
 class Token
 {
-    /** @var string */
-    private $tokenData;
-    /** @var string */
-    private $context;
-    /** @var DateTimeImmutable */
-    private $generationTimestamp;
-    /** @var DateTimeImmutable */
-    private $usageTimestamp;
-    /** @var bool */
-    private $used;
+	/** @var string */
+	private $tokenData;
+	/** @var string */
+	private $context;
+	/** @var DateTimeImmutable */
+	private $generationTimestamp;
+	/** @var DateTimeImmutable */
+	private $usageTimestamp;
+	/** @var bool */
+	private $used;
 
-    /**
-     * Token constructor.
-     *
-     * @param string $tokenData
-     * @param string $context
-     */
-    public function __construct($tokenData, $context)
-    {
-        $this->tokenData = $tokenData;
-        $this->context = $context;
-        $this->generationTimestamp = new DateTimeImmutable();
-        $this->usageTimestamp = null;
-        $this->used = false;
-    }
+	/**
+	 * Token constructor.
+	 *
+	 * @param string $tokenData
+	 * @param string $context
+	 */
+	public function __construct($tokenData, $context)
+	{
+		$this->tokenData = $tokenData;
+		$this->context = $context;
+		$this->generationTimestamp = new DateTimeImmutable();
+		$this->usageTimestamp = null;
+		$this->used = false;
+	}
 
-    /**
-     * @return DateTimeImmutable
-     */
-    public function getGenerationTimestamp()
-    {
-        return $this->generationTimestamp;
-    }
+	/**
+	 * @return DateTimeImmutable
+	 */
+	public function getGenerationTimestamp()
+	{
+		return $this->generationTimestamp;
+	}
 
-    /**
-     * @return string
-     */
-    public function getContext()
-    {
-        return $this->context;
-    }
+	/**
+	 * @return string
+	 */
+	public function getContext()
+	{
+		return $this->context;
+	}
 
-    /**
-     * @return string
-     */
-    public function getTokenData()
-    {
-        return $this->tokenData;
-    }
+	/**
+	 * @return string
+	 */
+	public function getTokenData()
+	{
+		return $this->tokenData;
+	}
 
-    /**
-     * Returns a value indicating whether the token has already been used or not
-     *
-     * @return boolean
-     */
-    public function isUsed()
-    {
-        return $this->used;
-    }
+	/**
+	 * Returns a value indicating whether the token has already been used or not
+	 *
+	 * @return boolean
+	 */
+	public function isUsed()
+	{
+		return $this->used;
+	}
 
-    /**
-     * Marks the token as used
-     */
-    public function markAsUsed()
-    {
-        $this->used = true;
-        $this->usageTimestamp = new DateTimeImmutable();
-    }
+	/**
+	 * Marks the token as used
+	 */
+	public function markAsUsed()
+	{
+		$this->used = true;
+		$this->usageTimestamp = new DateTimeImmutable();
+	}
 
-    /**
-     * @return DateTimeImmutable
-     */
-    public function getUsageTimestamp()
-    {
-        return $this->usageTimestamp;
-    }
+	/**
+	 * @return DateTimeImmutable
+	 */
+	public function getUsageTimestamp()
+	{
+		return $this->usageTimestamp;
+	}
 }
\ No newline at end of file

includes/Security/TokenManager.php

Indentation +87 added lines, -87 removed lines

@@ -13,91 +13,91 @@
 
 class TokenManager
 {
-    /**
-     * Validates a CSRF token
-     *
-     * @param string      $data    The token data string itself
-     * @param string|null $context Token context for extra validation
-     *
-     * @return bool
-     */
-    public function validateToken($data, $context = null)
-    {
-        if (!is_string($data) || strlen($data) === 0) {
-            // Nothing to validate
-            return false;
-        }
-
-        $tokens = WebRequest::getSessionTokenData();
-
-        // if the token doesn't exist, then it's not valid
-        if (!array_key_exists($data, $tokens)) {
-            return false;
-        }
-
-        /** @var Token $token */
-        $token = unserialize($tokens[$data]);
-
-        if ($token->getTokenData() !== $data) {
-            return false;
-        }
-
-        if ($token->getContext() !== $context) {
-            return false;
-        }
-
-        if ($token->isUsed()) {
-            return false;
-        }
-
-        // mark the token as used, and save it back to the session
-        $token->markAsUsed();
-        $this->storeToken($token);
-
-        return true;
-    }
-
-    /**
-     * @param string|null $context An optional context for extra validation
-     *
-     * @return Token
-     */
-    public function getNewToken($context = null)
-    {
-        $token = new Token($this->generateTokenData(), $context);
-        $this->storeToken($token);
-
-        return $token;
-    }
-
-    /**
-     * Stores a token in the session data
-     *
-     * @param Token $token
-     */
-    private function storeToken(Token $token)
-    {
-        $tokens = WebRequest::getSessionTokenData();
-        $tokens[$token->getTokenData()] = serialize($token);
-        WebRequest::setSessionTokenData($tokens);
-    }
-
-    /**
-     * Generates a security token
-     *
-     * @return string
-     * @throws Exception
-     *
-     * @category Security-Critical
-     */
-    private function generateTokenData()
-    {
-        $genBytes = openssl_random_pseudo_bytes(33);
-
-        if ($genBytes !== false) {
-            return base64_encode($genBytes);
-        }
-
-        throw new Exception('Unable to generate secure token.');
-    }
+	/**
+	 * Validates a CSRF token
+	 *
+	 * @param string      $data    The token data string itself
+	 * @param string|null $context Token context for extra validation
+	 *
+	 * @return bool
+	 */
+	public function validateToken($data, $context = null)
+	{
+		if (!is_string($data) || strlen($data) === 0) {
+			// Nothing to validate
+			return false;
+		}
+
+		$tokens = WebRequest::getSessionTokenData();
+
+		// if the token doesn't exist, then it's not valid
+		if (!array_key_exists($data, $tokens)) {
+			return false;
+		}
+
+		/** @var Token $token */
+		$token = unserialize($tokens[$data]);
+
+		if ($token->getTokenData() !== $data) {
+			return false;
+		}
+
+		if ($token->getContext() !== $context) {
+			return false;
+		}
+
+		if ($token->isUsed()) {
+			return false;
+		}
+
+		// mark the token as used, and save it back to the session
+		$token->markAsUsed();
+		$this->storeToken($token);
+
+		return true;
+	}
+
+	/**
+	 * @param string|null $context An optional context for extra validation
+	 *
+	 * @return Token
+	 */
+	public function getNewToken($context = null)
+	{
+		$token = new Token($this->generateTokenData(), $context);
+		$this->storeToken($token);
+
+		return $token;
+	}
+
+	/**
+	 * Stores a token in the session data
+	 *
+	 * @param Token $token
+	 */
+	private function storeToken(Token $token)
+	{
+		$tokens = WebRequest::getSessionTokenData();
+		$tokens[$token->getTokenData()] = serialize($token);
+		WebRequest::setSessionTokenData($tokens);
+	}
+
+	/**
+	 * Generates a security token
+	 *
+	 * @return string
+	 * @throws Exception
+	 *
+	 * @category Security-Critical
+	 */
+	private function generateTokenData()
+	{
+		$genBytes = openssl_random_pseudo_bytes(33);
+
+		if ($genBytes !== false) {
+			return base64_encode($genBytes);
+		}
+
+		throw new Exception('Unable to generate secure token.');
+	}
 }
\ No newline at end of file

includes/WebStart.php

Indentation +220 added lines, -220 removed lines

@@ -30,224 +30,224 @@
  */
 class WebStart extends ApplicationBase
 {
-    /**
-     * @var IRequestRouter $requestRouter The request router to use. Note that different entry points have different
-     *                                    routers and hence different URL mappings
-     */
-    private $requestRouter;
-    /**
-     * @var bool $isPublic Determines whether to use public interface objects or internal interface objects
-     */
-    private $isPublic = false;
-
-    /**
-     * WebStart constructor.
-     *
-     * @param SiteConfiguration $configuration The site configuration
-     * @param IRequestRouter    $router        The request router to use
-     */
-    public function __construct(SiteConfiguration $configuration, IRequestRouter $router)
-    {
-        parent::__construct($configuration);
-
-        $this->requestRouter = $router;
-    }
-
-    /**
-     * @param ITask             $page
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $database
-     * @param PdoDatabase       $notificationsDatabase
-     *
-     * @return void
-     */
-    protected function setupHelpers(
-        ITask $page,
-        SiteConfiguration $siteConfiguration,
-        PdoDatabase $database,
-        PdoDatabase $notificationsDatabase = null
-    ) {
-        parent::setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
-
-        if ($page instanceof PageBase) {
-            $page->setTokenManager(new TokenManager());
-
-            if ($page instanceof InternalPageBase) {
-                $page->setTypeAheadHelper(new TypeAheadHelper());
-
-                $identificationVerifier = new IdentificationVerifier($page->getHttpHelper(), $siteConfiguration,
-                    $database);
-                $page->setIdentificationVerifier($identificationVerifier);
-
-                $page->setSecurityManager(new SecurityManager($identificationVerifier, new RoleConfiguration()));
-
-                if ($siteConfiguration->getTitleBlacklistEnabled()) {
-                    $page->setBlacklistHelper(new FakeBlacklistHelper());
-                }
-                else {
-                    $page->setBlacklistHelper(new BlacklistHelper($page->getHttpHelper(),
-                        $siteConfiguration->getMediawikiWebServiceEndpoint()));
-                }
-            }
-        }
-    }
-
-    /**
-     * Application entry point.
-     *
-     * Sets up the environment and runs the application, performing any global cleanup operations when done.
-     */
-    public function run()
-    {
-        try {
-            if ($this->setupEnvironment()) {
-                $this->main();
-            }
-        }
-        catch (EnvironmentException $ex) {
-            ob_end_clean();
-            print Offline::getOfflineMessage($this->isPublic(), $ex->getMessage());
-        }
-        catch (ReadableException $ex) {
-            ob_end_clean();
-            print $ex->getReadableError();
-        }
-        finally {
-            $this->cleanupEnvironment();
-        }
-    }
-
-    /**
-     * Environment setup
-     *
-     * This method initialises the tool environment. If the tool cannot be initialised correctly, it will return false
-     * and shut down prematurely.
-     *
-     * @return bool
-     * @throws EnvironmentException
-     */
-    protected function setupEnvironment()
-    {
-        // initialise global exception handler
-        set_exception_handler(array(ExceptionHandler::class, 'exceptionHandler'));
-        set_error_handler(array(ExceptionHandler::class, 'errorHandler'), E_RECOVERABLE_ERROR);
-
-        // start output buffering if necessary
-        if (ob_get_level() === 0) {
-            ob_start();
-        }
-
-        // initialise super-global providers
-        WebRequest::setGlobalStateProvider(new GlobalStateProvider());
-
-        if (Offline::isOffline()) {
-            print Offline::getOfflineMessage($this->isPublic());
-            ob_end_flush();
-
-            return false;
-        }
-
-        // Call parent setup
-        if (!parent::setupEnvironment()) {
-            return false;
-        }
-
-        // Start up sessions
-        Session::start();
-
-        // Check the user is allowed to be logged in still. This must be before we call any user-loading functions and
-        // get the current user cached.
-        // I'm not sure if this function call being here is particularly a good thing, but it's part of starting up a
-        // session I suppose.
-        $this->checkForceLogout();
-
-        // environment initialised!
-        return true;
-    }
-
-    /**
-     * Main application logic
-     */
-    protected function main()
-    {
-        // Get the right route for the request
-        $page = $this->requestRouter->route();
-
-        $siteConfiguration = $this->getConfiguration();
-        $database = PdoDatabase::getDatabaseConnection('acc');
-
-        if ($siteConfiguration->getIrcNotificationsEnabled()) {
-            $notificationsDatabase = PdoDatabase::getDatabaseConnection('notifications');
-        }
-        else {
-            // @todo federated table here?
-            $notificationsDatabase = $database;
-        }
-
-        $this->setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
-
-        /* @todo Remove this global statement! It's here for User.php, which does far more than it should. */
-        global $oauthHelper;
-        $oauthHelper = $page->getOAuthHelper();
-
-        /* @todo Remove this global statement! It's here for Request.php, which does far more than it should. */
-        global $globalXffTrustProvider;
-        $globalXffTrustProvider = $page->getXffTrustProvider();
-
-        // run the route code for the request.
-        $page->execute();
-    }
-
-    /**
-     * Any cleanup tasks should go here
-     *
-     * Note that we need to be very careful here, as exceptions may have been thrown and handled.
-     * This should *only* be for cleaning up, no logic should go here.
-     */
-    protected function cleanupEnvironment()
-    {
-        // Clean up anything we splurged after sending the page.
-        if (ob_get_level() > 0) {
-            for ($i = ob_get_level(); $i > 0; $i--) {
-                ob_end_clean();
-            }
-        }
-    }
-
-    private function checkForceLogout()
-    {
-        $database = PdoDatabase::getDatabaseConnection('acc');
-
-        $sessionUserId = WebRequest::getSessionUserId();
-        iF ($sessionUserId === null) {
-            return;
-        }
-
-        // Note, User::getCurrent() caches it's result, which we *really* don't want to trigger.
-        $currentUser = User::getById($sessionUserId, $database);
-
-        if ($currentUser === false) {
-            // Umm... this user has a session cookie with a userId set, but no user exists...
-            Session::restart();
-
-            $currentUser = User::getCurrent($database);
-        }
-
-        if ($currentUser->getForceLogout()) {
-            Session::restart();
-
-            $currentUser->setForceLogout(false);
-            $currentUser->save();
-        }
-    }
-
-    public function isPublic()
-    {
-        return $this->isPublic;
-    }
-
-    public function setPublic($isPublic)
-    {
-        $this->isPublic = $isPublic;
-    }
+	/**
+	 * @var IRequestRouter $requestRouter The request router to use. Note that different entry points have different
+	 *                                    routers and hence different URL mappings
+	 */
+	private $requestRouter;
+	/**
+	 * @var bool $isPublic Determines whether to use public interface objects or internal interface objects
+	 */
+	private $isPublic = false;
+
+	/**
+	 * WebStart constructor.
+	 *
+	 * @param SiteConfiguration $configuration The site configuration
+	 * @param IRequestRouter    $router        The request router to use
+	 */
+	public function __construct(SiteConfiguration $configuration, IRequestRouter $router)
+	{
+		parent::__construct($configuration);
+
+		$this->requestRouter = $router;
+	}
+
+	/**
+	 * @param ITask             $page
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $database
+	 * @param PdoDatabase       $notificationsDatabase
+	 *
+	 * @return void
+	 */
+	protected function setupHelpers(
+		ITask $page,
+		SiteConfiguration $siteConfiguration,
+		PdoDatabase $database,
+		PdoDatabase $notificationsDatabase = null
+	) {
+		parent::setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
+
+		if ($page instanceof PageBase) {
+			$page->setTokenManager(new TokenManager());
+
+			if ($page instanceof InternalPageBase) {
+				$page->setTypeAheadHelper(new TypeAheadHelper());
+
+				$identificationVerifier = new IdentificationVerifier($page->getHttpHelper(), $siteConfiguration,
+					$database);
+				$page->setIdentificationVerifier($identificationVerifier);
+
+				$page->setSecurityManager(new SecurityManager($identificationVerifier, new RoleConfiguration()));
+
+				if ($siteConfiguration->getTitleBlacklistEnabled()) {
+					$page->setBlacklistHelper(new FakeBlacklistHelper());
+				}
+				else {
+					$page->setBlacklistHelper(new BlacklistHelper($page->getHttpHelper(),
+						$siteConfiguration->getMediawikiWebServiceEndpoint()));
+				}
+			}
+		}
+	}
+
+	/**
+	 * Application entry point.
+	 *
+	 * Sets up the environment and runs the application, performing any global cleanup operations when done.
+	 */
+	public function run()
+	{
+		try {
+			if ($this->setupEnvironment()) {
+				$this->main();
+			}
+		}
+		catch (EnvironmentException $ex) {
+			ob_end_clean();
+			print Offline::getOfflineMessage($this->isPublic(), $ex->getMessage());
+		}
+		catch (ReadableException $ex) {
+			ob_end_clean();
+			print $ex->getReadableError();
+		}
+		finally {
+			$this->cleanupEnvironment();
+		}
+	}
+
+	/**
+	 * Environment setup
+	 *
+	 * This method initialises the tool environment. If the tool cannot be initialised correctly, it will return false
+	 * and shut down prematurely.
+	 *
+	 * @return bool
+	 * @throws EnvironmentException
+	 */
+	protected function setupEnvironment()
+	{
+		// initialise global exception handler
+		set_exception_handler(array(ExceptionHandler::class, 'exceptionHandler'));
+		set_error_handler(array(ExceptionHandler::class, 'errorHandler'), E_RECOVERABLE_ERROR);
+
+		// start output buffering if necessary
+		if (ob_get_level() === 0) {
+			ob_start();
+		}
+
+		// initialise super-global providers
+		WebRequest::setGlobalStateProvider(new GlobalStateProvider());
+
+		if (Offline::isOffline()) {
+			print Offline::getOfflineMessage($this->isPublic());
+			ob_end_flush();
+
+			return false;
+		}
+
+		// Call parent setup
+		if (!parent::setupEnvironment()) {
+			return false;
+		}
+
+		// Start up sessions
+		Session::start();
+
+		// Check the user is allowed to be logged in still. This must be before we call any user-loading functions and
+		// get the current user cached.
+		// I'm not sure if this function call being here is particularly a good thing, but it's part of starting up a
+		// session I suppose.
+		$this->checkForceLogout();
+
+		// environment initialised!
+		return true;
+	}
+
+	/**
+	 * Main application logic
+	 */
+	protected function main()
+	{
+		// Get the right route for the request
+		$page = $this->requestRouter->route();
+
+		$siteConfiguration = $this->getConfiguration();
+		$database = PdoDatabase::getDatabaseConnection('acc');
+
+		if ($siteConfiguration->getIrcNotificationsEnabled()) {
+			$notificationsDatabase = PdoDatabase::getDatabaseConnection('notifications');
+		}
+		else {
+			// @todo federated table here?
+			$notificationsDatabase = $database;
+		}
+
+		$this->setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
+
+		/* @todo Remove this global statement! It's here for User.php, which does far more than it should. */
+		global $oauthHelper;
+		$oauthHelper = $page->getOAuthHelper();
+
+		/* @todo Remove this global statement! It's here for Request.php, which does far more than it should. */
+		global $globalXffTrustProvider;
+		$globalXffTrustProvider = $page->getXffTrustProvider();
+
+		// run the route code for the request.
+		$page->execute();
+	}
+
+	/**
+	 * Any cleanup tasks should go here
+	 *
+	 * Note that we need to be very careful here, as exceptions may have been thrown and handled.
+	 * This should *only* be for cleaning up, no logic should go here.
+	 */
+	protected function cleanupEnvironment()
+	{
+		// Clean up anything we splurged after sending the page.
+		if (ob_get_level() > 0) {
+			for ($i = ob_get_level(); $i > 0; $i--) {
+				ob_end_clean();
+			}
+		}
+	}
+
+	private function checkForceLogout()
+	{
+		$database = PdoDatabase::getDatabaseConnection('acc');
+
+		$sessionUserId = WebRequest::getSessionUserId();
+		iF ($sessionUserId === null) {
+			return;
+		}
+
+		// Note, User::getCurrent() caches it's result, which we *really* don't want to trigger.
+		$currentUser = User::getById($sessionUserId, $database);
+
+		if ($currentUser === false) {
+			// Umm... this user has a session cookie with a userId set, but no user exists...
+			Session::restart();
+
+			$currentUser = User::getCurrent($database);
+		}
+
+		if ($currentUser->getForceLogout()) {
+			Session::restart();
+
+			$currentUser->setForceLogout(false);
+			$currentUser->save();
+		}
+	}
+
+	public function isPublic()
+	{
+		return $this->isPublic;
+	}
+
+	public function setPublic($isPublic)
+	{
+		$this->isPublic = $isPublic;
+	}
 }

Braces +2 added lines, -4 removed lines

@@ -83,8 +83,7 @@ 
 
                 if ($siteConfiguration->getTitleBlacklistEnabled()) {
                     $page->setBlacklistHelper(new FakeBlacklistHelper());
-                }
-                else {
+                } else {
                     $page->setBlacklistHelper(new BlacklistHelper($page->getHttpHelper(),
                         $siteConfiguration->getMediawikiWebServiceEndpoint()));
                 }
@@ -178,8 +177,7 @@ 
 
         if ($siteConfiguration->getIrcNotificationsEnabled()) {
             $notificationsDatabase = PdoDatabase::getDatabaseConnection('notifications');
-        }
-        else {
+        } else {
             // @todo federated table here?
             $notificationsDatabase = $database;
         }

includes/API/Actions/StatusAction.php

Indentation +39 added lines, -39 removed lines

@@ -17,67 +17,67 @@
  */
 class StatusAction extends ApiPageBase implements IApiAction
 {
-    public function executeApiAction(DOMElement $apiDocument)
-    {
-        $statusElement = $this->document->createElement("status");
-        $apiDocument->appendChild($statusElement);
+	public function executeApiAction(DOMElement $apiDocument)
+	{
+		$statusElement = $this->document->createElement("status");
+		$apiDocument->appendChild($statusElement);
 
-        $query = $this->getDatabase()->prepare(<<<SQL
+		$query = $this->getDatabase()->prepare(<<<SQL
             SELECT /* Api/StatusAction */ COUNT(*) AS count
             FROM request
             WHERE
                 status = :pstatus
                 AND emailconfirm = 'Confirmed';
 SQL
-        );
+		);
 
-        $availableRequestStates = $this->getSiteConfiguration()->getRequestStates();
+		$availableRequestStates = $this->getSiteConfiguration()->getRequestStates();
 
-        foreach ($availableRequestStates as $key => $value) {
-            $query->bindValue(":pstatus", $key);
-            $query->execute();
-            $sus = $query->fetchColumn();
-            $statusElement->setAttribute($value['api'], $sus);
-            $query->closeCursor();
-        }
+		foreach ($availableRequestStates as $key => $value) {
+			$query->bindValue(":pstatus", $key);
+			$query->execute();
+			$sus = $query->fetchColumn();
+			$statusElement->setAttribute($value['api'], $sus);
+			$query->closeCursor();
+		}
 
-        $query = $this->getDatabase()->prepare(<<<SQL
+		$query = $this->getDatabase()->prepare(<<<SQL
             SELECT /* Api/StatusAction */ COUNT(*) AS count
             FROM ban
             WHERE
                 (duration > UNIX_TIMESTAMP() OR duration = -1)
                 AND active = 1;
 SQL
-        );
+		);
 
-        $query->execute();
-        $sus = $query->fetchColumn();
-        $statusElement->setAttribute("bans", $sus);
-        $query->closeCursor();
+		$query->execute();
+		$sus = $query->fetchColumn();
+		$statusElement->setAttribute("bans", $sus);
+		$query->closeCursor();
 
-        $query = $this->getDatabase()->prepare(<<<SQL
+		$query = $this->getDatabase()->prepare(<<<SQL
 SELECT /* Api/StatusAction */ COUNT(*) AS count
 FROM user WHERE status = :ulevel;
 SQL
-        );
-        $query->bindValue(":ulevel", "Admin");
-        $query->execute();
-        $sus = $query->fetchColumn();
-        $statusElement->setAttribute("useradmin", $sus);
-        $query->closeCursor();
+		);
+		$query->bindValue(":ulevel", "Admin");
+		$query->execute();
+		$sus = $query->fetchColumn();
+		$statusElement->setAttribute("useradmin", $sus);
+		$query->closeCursor();
 
-        $query->bindValue(":ulevel", "User");
-        $query->execute();
-        $sus = $query->fetchColumn();
-        $statusElement->setAttribute("user", $sus);
-        $query->closeCursor();
+		$query->bindValue(":ulevel", "User");
+		$query->execute();
+		$sus = $query->fetchColumn();
+		$statusElement->setAttribute("user", $sus);
+		$query->closeCursor();
 
-        $query->bindValue(":ulevel", "New");
-        $query->execute();
-        $sus = $query->fetchColumn();
-        $statusElement->setAttribute("usernew", $sus);
-        $query->closeCursor();
+		$query->bindValue(":ulevel", "New");
+		$query->execute();
+		$sus = $query->fetchColumn();
+		$statusElement->setAttribute("usernew", $sus);
+		$query->closeCursor();
 
-        return $apiDocument;
-    }
+		return $apiDocument;
+	}
 }